Microsoft Office Word is prone to a memory corruption vulnerability when the wdGetApplicationObject function processes a malformed Word document. This can be exploited to execute arbitrary code by convincing an unsuspecting user to open a specially crafted .DOC file.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The vulnerability exists within the way that Internet Explorer

instantiates GET Extension Factory COM objects, which are not intended to be created inside of the browser. The object does not initialize properly, and this leads to a memory corruption vulnerability.

Foxit PDF Reader 4.2 Javascript File Write. Foxit enables the user document to create files on any directory without further checks.

This module exploits a vulnerability in VideoLan Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (ibmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allowing remote attackers to execute arbitrary code via a MKV media file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link.

This module exploits a buffer overflow vulnerability in Lotus Notes 8.5.2 when parsing a malformed, specially crafted AS (Applix Spreadsheet) file.

The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques.

Buffer overflow in Microsoft Office Excel allows remote attackers to execute arbitrary code via a crafted .XLS file with a malformed HFPicture (0x866) record.

QuickTime has a backdoor in QTPlugin.ocx implemented during development cycle, this can be used by execute arbitrary code under the context of the browser.

This version add CVE.

ACDSee Photo Editor is prone to a buffer-overflow vulnerability due to a boundary error when processing XBM image files.